Note: We're also taking the time to obay our new .editorconfig overlord!
For a far better description of the problem than I could author, see
Jon's write-up on LWN [1] and/or Alex's on the Kernel Self Protection
Project [1].
[0] https://lwn.net/Articles/69419/
[1] https://github.com/KSPP/linux/issues/105
Lee Jones (10):
scsi: 3w-xxxx: Trivial: Remove trailing whitespace
scsi: 53c700: Trivial: Remove trailing whitespace
scsi: NCR5380: Replace snprintf() with the safer scnprintf() variant
scsi: aacraid: linit: Remove snprintf() from sysfs call-backs and
replace with sysfs_emit()
scsi: aacraid: linit: Replace snprintf() with the safer scnprintf()
variant
scsi: aha1542: Replace snprintf() with the safer scnprintf() variant
scsi: aic7xxx: aicasm: Trivial: Remove trailing whitespace
scsi: aic7xxx: aicasm: Replace snprintf() with the safer scnprintf()
variant
scsi: aic94xx: Remove snprintf() from sysfs call-backs and replace
with sysfs_emit()
scsi: arcmsr: Remove snprintf() from sysfs call-backs and replace with
sysfs_emit()
drivers/scsi/3w-xxxx.c | 2 +-
drivers/scsi/53c700.c | 102 +++++++++++++--------------
drivers/scsi/NCR5380.c | 16 ++---
drivers/scsi/aacraid/linit.c | 40 +++++------
drivers/scsi/aha1542.c | 2 +-
drivers/scsi/aic7xxx/aicasm/aicasm.c | 16 ++---
drivers/scsi/aic94xx/aic94xx_init.c | 11 ++-
drivers/scsi/arcmsr/arcmsr_attr.c | 40 +++--------
8 files changed, 101 insertions(+), 128 deletions(-)
Cc: Adam Radford <[email protected]>
Cc: Adaptec OEM Raid Solutions <[email protected]>
Cc: Andre Hedrick <[email protected]>
Cc: de Melo <[email protected]>
Cc: [email protected]
Cc: Finn Thain <[email protected]>
Cc: Hannes Reinecke <[email protected]>
Cc: "James E.J. Bottomley" <[email protected]>
Cc: Joel Jacobson <[email protected]>
Cc: John Garry <[email protected]>
Cc: Lee Jones <[email protected]>
Cc: [email protected]
Cc: Luben Tuikov <[email protected]>
Cc: "Martin K. Petersen" <[email protected]>
Cc: Michael Schmitz <[email protected]>
Cc: "PMC-Sierra, Inc" <[email protected]>
Cc: Richard Hirst <[email protected]>
Cc: [email protected]
Cc: Tnx to <[email protected]>
--
2.43.0.594.gd9cf4e227d-goog
Since 5a602de99797b ("Add .editorconfig file for basic formatting") my
editor has been forced to remove trailing whitespace from any file it
saves. Instead of fighting this recent kernel default, let's start
chipping away at fixing the issues.
Signed-off-by: Lee Jones <[email protected]>
---
Cc: Adam Radford <[email protected]>
Cc: Joel Jacobson <[email protected]>
Cc: de Melo <[email protected]>
Cc: Andre Hedrick <[email protected]>
---
drivers/scsi/3w-xxxx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/3w-xxxx.c b/drivers/scsi/3w-xxxx.c
index 2c0fb6da0e608..13ddc97f5a623 100644
--- a/drivers/scsi/3w-xxxx.c
+++ b/drivers/scsi/3w-xxxx.c
@@ -1099,7 +1099,7 @@ static int tw_initconnection(TW_Device_Extension *tw_dev, int message_credits)
command_packet->request_id = request_id;
command_packet->status = 0x0;
command_packet->flags = 0x0;
- command_packet->byte6.message_credits = message_credits;
+ command_packet->byte6.message_credits = message_credits;
command_packet->byte8.init_connection.response_queue_pointer = 0x0;
command_que_value = tw_dev->command_packet_physical_address[request_id];
--
2.43.0.594.gd9cf4e227d-goog
Since 5a602de99797b ("Add .editorconfig file for basic formatting") my
editor has been forced to remove trailing whitespace from any file it
saves. Instead of fighting this recent kernel default, let's start
chipping away at fixing the issues.
Signed-off-by: Lee Jones <[email protected]>
---
Cc: Richard Hirst <[email protected]>
---
drivers/scsi/53c700.c | 102 +++++++++++++++++++++---------------------
1 file changed, 51 insertions(+), 51 deletions(-)
diff --git a/drivers/scsi/53c700.c b/drivers/scsi/53c700.c
index 85439e976143b..1aa933485719a 100644
--- a/drivers/scsi/53c700.c
+++ b/drivers/scsi/53c700.c
@@ -4,7 +4,7 @@
*
* Copyright (C) 2001 by [email protected]
**-----------------------------------------------------------------------------
-**
+**
**
**-----------------------------------------------------------------------------
*/
@@ -18,7 +18,7 @@
*
* The 700 is the lowliest of the line, it can only do async SCSI.
* The 700-66 can at least do synchronous SCSI up to 10MHz.
- *
+ *
* The 700 chip has no host bus interface logic of its own. However,
* it is usually mapped to a location with well defined register
* offsets. Therefore, if you can determine the base address and the
@@ -61,7 +61,7 @@
* consistent memory allocation.
*
* Version 2.5
- *
+ *
* More Compatibility changes for 710 (now actually works). Enhanced
* support for odd clock speeds which constrain SDTR negotiations.
* correct cacheline separation for scsi messages and status for
@@ -70,7 +70,7 @@
*
* Version 2.4
*
- * Added support for the 53c710 chip (in 53c700 emulation mode only---no
+ * Added support for the 53c710 chip (in 53c700 emulation mode only---no
* special 53c710 instructions or registers are used).
*
* Version 2.3
@@ -190,7 +190,7 @@ static char *NCR_700_condition[] = {
"DISCONNECT_MSG RECEIVED",
"MSG_OUT",
"DATA_IN",
-
+
};
static char *NCR_700_fatal_messages[] = {
@@ -260,7 +260,7 @@ NCR_700_offset_period_to_sxfer(struct NCR_700_Host_Parameters *hostdata,
static inline __u8
NCR_700_get_SXFER(struct scsi_device *SDp)
{
- struct NCR_700_Host_Parameters *hostdata =
+ struct NCR_700_Host_Parameters *hostdata =
(struct NCR_700_Host_Parameters *)SDp->host->hostdata[0];
return NCR_700_offset_period_to_sxfer(hostdata,
@@ -416,7 +416,7 @@ NCR_700_detect(struct scsi_host_template *tpnt,
int
NCR_700_release(struct Scsi_Host *host)
{
- struct NCR_700_Host_Parameters *hostdata =
+ struct NCR_700_Host_Parameters *hostdata =
(struct NCR_700_Host_Parameters *)host->hostdata[0];
if (hostdata->noncoherent)
@@ -449,7 +449,7 @@ NCR_700_identify(int can_disconnect, __u8 lun)
* Inputs : host - SCSI host */
static inline int
NCR_700_data_residual (struct Scsi_Host *host) {
- struct NCR_700_Host_Parameters *hostdata =
+ struct NCR_700_Host_Parameters *hostdata =
(struct NCR_700_Host_Parameters *)host->hostdata[0];
int count, synchronous = 0;
unsigned int ddir;
@@ -461,16 +461,16 @@ NCR_700_data_residual (struct Scsi_Host *host) {
count = ((NCR_700_readb(host, DFIFO_REG) & 0x3f) -
(NCR_700_readl(host, DBC_REG) & 0x3f)) & 0x3f;
}
-
+
if(hostdata->fast)
synchronous = NCR_700_readb(host, SXFER_REG) & 0x0f;
-
+
/* get the data direction */
ddir = NCR_700_readb(host, CTEST0_REG) & 0x01;
if (ddir) {
/* Receive */
- if (synchronous)
+ if (synchronous)
count += (NCR_700_readb(host, SSTAT2_REG) & 0xf0) >> 4;
else
if (NCR_700_readb(host, SSTAT1_REG) & SIDL_REG_FULL)
@@ -500,7 +500,7 @@ sbcl_to_string(__u8 sbcl)
ret[0]='\0';
for(i=0; i<8; i++) {
- if((1<<i) & sbcl)
+ if((1<<i) & sbcl)
strcat(ret, NCR_700_SBCL_bits[i]);
}
strcat(ret, NCR_700_SBCL_to_phase[sbcl & 0x07]);
@@ -533,7 +533,7 @@ find_empty_slot(struct NCR_700_Host_Parameters *hostdata)
if(slot->state != NCR_700_SLOT_FREE)
/* should panic! */
printk(KERN_ERR "BUSY SLOT ON FREE LIST!!!\n");
-
+
hostdata->free_list = slot->ITL_forw;
slot->ITL_forw = NULL;
@@ -546,11 +546,11 @@ find_empty_slot(struct NCR_700_Host_Parameters *hostdata)
slot->state = NCR_700_SLOT_BUSY;
slot->flags = 0;
hostdata->command_slot_count++;
-
+
return slot;
}
-STATIC void
+STATIC void
free_slot(struct NCR_700_command_slot *slot,
struct NCR_700_Host_Parameters *hostdata)
{
@@ -560,7 +560,7 @@ free_slot(struct NCR_700_command_slot *slot,
if(slot->state == NCR_700_SLOT_FREE) {
printk(KERN_ERR "53c700: SLOT %p is FREE!!!\n", slot);
}
-
+
slot->resume_offset = 0;
slot->cmnd = NULL;
slot->state = NCR_700_SLOT_FREE;
@@ -654,7 +654,7 @@ NCR_700_internal_bus_reset(struct Scsi_Host *host)
STATIC void
NCR_700_chip_setup(struct Scsi_Host *host)
{
- struct NCR_700_Host_Parameters *hostdata =
+ struct NCR_700_Host_Parameters *hostdata =
(struct NCR_700_Host_Parameters *)host->hostdata[0];
__u8 min_period;
__u8 min_xferp = (hostdata->chip710 ? NCR_710_MIN_XFERP : NCR_700_MIN_XFERP);
@@ -694,11 +694,11 @@ NCR_700_chip_setup(struct Scsi_Host *host)
} else {
NCR_700_writeb(BURST_LENGTH_8 | hostdata->dmode_extra,
host, DMODE_700_REG);
- NCR_700_writeb(hostdata->differential ?
+ NCR_700_writeb(hostdata->differential ?
DIFF : 0, host, CTEST7_REG);
if(hostdata->fast) {
/* this is for 700-66, does nothing on 700 */
- NCR_700_writeb(LAST_DIS_ENBL | ENABLE_ACTIVE_NEGATION
+ NCR_700_writeb(LAST_DIS_ENBL | ENABLE_ACTIVE_NEGATION
| GENERATE_RECEIVE_PARITY, host,
CTEST8_REG);
} else {
@@ -731,7 +731,7 @@ NCR_700_chip_setup(struct Scsi_Host *host)
NCR_700_writeb(ASYNC_DIV_3_0 | hostdata->dcntl_extra, host, DCNTL_REG);
hostdata->sync_clock = hostdata->clock*2;
hostdata->sync_clock /= 3;
-
+
} else if(hostdata->clock > 37 && hostdata->clock <= 50) {
/* sync divider 1, async divider 2 */
DEBUG(("53c700: sync 1 async 2\n"));
@@ -764,7 +764,7 @@ NCR_700_chip_setup(struct Scsi_Host *host)
STATIC void
NCR_700_chip_reset(struct Scsi_Host *host)
{
- struct NCR_700_Host_Parameters *hostdata =
+ struct NCR_700_Host_Parameters *hostdata =
(struct NCR_700_Host_Parameters *)host->hostdata[0];
if(hostdata->chip710) {
NCR_700_writeb(SOFTWARE_RESET_710, host, ISTAT_REG);
@@ -774,7 +774,7 @@ NCR_700_chip_reset(struct Scsi_Host *host)
} else {
NCR_700_writeb(SOFTWARE_RESET, host, DCNTL_REG);
udelay(100);
-
+
NCR_700_writeb(0, host, DCNTL_REG);
}
@@ -790,7 +790,7 @@ NCR_700_chip_reset(struct Scsi_Host *host)
* ACK) so that the routine returns correctly to resume its activity
* */
STATIC __u32
-process_extended_message(struct Scsi_Host *host,
+process_extended_message(struct Scsi_Host *host,
struct NCR_700_Host_Parameters *hostdata,
struct scsi_cmnd *SCp, __u32 dsp, __u32 dsps)
{
@@ -816,15 +816,15 @@ process_extended_message(struct Scsi_Host *host,
spi_offset(starget) = offset;
spi_period(starget) = period;
-
+
if(NCR_700_is_flag_set(SCp->device, NCR_700_DEV_PRINT_SYNC_NEGOTIATION)) {
spi_display_xfer_agreement(starget);
NCR_700_clear_flag(SCp->device, NCR_700_DEV_PRINT_SYNC_NEGOTIATION);
}
-
+
NCR_700_set_flag(SCp->device, NCR_700_DEV_NEGOTIATED_SYNC);
NCR_700_clear_flag(SCp->device, NCR_700_DEV_BEGIN_SYNC_NEGOTIATION);
-
+
NCR_700_writeb(NCR_700_get_SXFER(SCp->device),
host, SXFER_REG);
@@ -841,7 +841,7 @@ process_extended_message(struct Scsi_Host *host,
resume_offset = hostdata->pScript + Ent_SendMessageWithATN;
}
break;
-
+
case A_WDTR_MSG:
printk(KERN_INFO "scsi%d: (%d:%d), Unsolicited WDTR after CMD, Rejecting\n",
host->host_no, pun, lun);
@@ -1121,7 +1121,7 @@ process_script_interrupt(__u32 dsps, __u32 dsp, struct scsi_cmnd *SCp,
SCp = scsi_host_find_tag(SDp->host, hostdata->msgin[2]);
if(unlikely(SCp == NULL)) {
- printk(KERN_ERR "scsi%d: (%d:%d) no saved request for tag %d\n",
+ printk(KERN_ERR "scsi%d: (%d:%d) no saved request for tag %d\n",
host->host_no, reselection_id, lun, hostdata->msgin[2]);
BUG();
}
@@ -1180,7 +1180,7 @@ process_script_interrupt(__u32 dsps, __u32 dsp, struct scsi_cmnd *SCp,
slot->cmnd->cmd_len);
-
+
}
} else if(dsps == A_RESELECTED_DURING_SELECTION) {
@@ -1193,10 +1193,10 @@ process_script_interrupt(__u32 dsps, __u32 dsp, struct scsi_cmnd *SCp,
__u8 reselection_id = NCR_700_readb(host, SFBR_REG);
struct NCR_700_command_slot *slot;
-
+
/* Take out our own ID */
reselection_id &= ~(1<<host->this_id);
-
+
/* I've never seen this happen, so keep this as a printk rather
* than a debug */
printk(KERN_INFO "scsi%d: (%d:%d) RESELECTION DURING SELECTION, dsp=%08x[%04x] state=%d, count=%d\n",
@@ -1222,7 +1222,7 @@ process_script_interrupt(__u32 dsps, __u32 dsp, struct scsi_cmnd *SCp,
slot->state = NCR_700_SLOT_QUEUED;
}
hostdata->cmd = NULL;
-
+
if(reselection_id == 0) {
if(hostdata->reselection_id == 0xff) {
printk(KERN_ERR "scsi%d: Invalid reselection during selection!!\n", host->host_no);
@@ -1233,7 +1233,7 @@ process_script_interrupt(__u32 dsps, __u32 dsp, struct scsi_cmnd *SCp,
reselection_id = hostdata->reselection_id;
}
} else {
-
+
/* convert to real ID */
reselection_id = bitmap_to_number(reselection_id);
}
@@ -1251,7 +1251,7 @@ process_script_interrupt(__u32 dsps, __u32 dsp, struct scsi_cmnd *SCp,
* a return here will re-run the queued command slot
* that may have been interrupted by the initial selection */
DEBUG((" SELECTION COMPLETED\n"));
- } else if((dsps & 0xfffff0f0) == A_MSG_IN) {
+ } else if((dsps & 0xfffff0f0) == A_MSG_IN) {
resume_offset = process_message(host, hostdata, SCp,
dsp, dsps);
} else if((dsps & 0xfffff000) == 0) {
@@ -1304,7 +1304,7 @@ process_selection(struct Scsi_Host *host, __u32 dsp)
/* Take out our own ID */
id &= ~(1<<host->this_id);
- if(id != 0)
+ if(id != 0)
break;
udelay(5);
}
@@ -1322,7 +1322,7 @@ process_selection(struct Scsi_Host *host, __u32 dsp)
struct NCR_700_command_slot *slot =
(struct NCR_700_command_slot *)SCp->host_scribble;
DEBUG((" ID %d WARNING: RESELECTION OF BUSY HOST, saving cmd %p, slot %p, addr %x [%04x], resume %x!\n", id, hostdata->cmd, slot, dsp, dsp - hostdata->pScript, resume_offset));
-
+
switch(dsp - hostdata->pScript) {
case Ent_Disconnect1:
case Ent_Disconnect2:
@@ -1344,7 +1344,7 @@ process_selection(struct Scsi_Host *host, __u32 dsp)
case Ent_Finish2:
process_script_interrupt(A_GOOD_STATUS_AFTER_STATUS, dsp, SCp, host, hostdata);
break;
-
+
default:
slot->state = NCR_700_SLOT_QUEUED;
break;
@@ -1547,7 +1547,7 @@ NCR_700_intr(int irq, void *dev_id)
/* clear all the negotiated parameters */
__shost_for_each_device(SDp, host)
NCR_700_clear_flag(SDp, ~0);
-
+
/* clear all the slots and their pending commands */
for(i = 0; i < NCR_700_COMMAND_SLOTS_PER_HOST; i++) {
struct scsi_cmnd *SCp;
@@ -1556,7 +1556,7 @@ NCR_700_intr(int irq, void *dev_id)
if(slot->state == NCR_700_SLOT_FREE)
continue;
-
+
SCp = slot->cmnd;
printk(KERN_ERR " failing command because of reset, slot %p, cmnd %p\n",
slot, SCp);
@@ -1620,7 +1620,7 @@ NCR_700_intr(int irq, void *dev_id)
data_transfer += residual;
if(data_transfer != 0) {
- int count;
+ int count;
__u32 pAddr;
SGcount--;
@@ -1680,7 +1680,7 @@ NCR_700_intr(int irq, void *dev_id)
NCR_700_scsi_done(hostdata, SCp, DID_ERROR<<16);
}
-
+
/* NOTE: selection interrupt processing MUST occur
* after script interrupt processing to correctly cope
* with the case where we process a disconnect and
@@ -1718,7 +1718,7 @@ NCR_700_intr(int irq, void *dev_id)
DEBUG(("Attempting to resume at %x\n", resume_offset));
NCR_700_clear_fifo(host);
NCR_700_writel(resume_offset, host, DSP_REG);
- }
+ }
/* There is probably a technical no-no about this: If we're a
* shared interrupt and we got this interrupt because the
* other device needs servicing not us, we're still going to
@@ -1732,7 +1732,7 @@ NCR_700_intr(int irq, void *dev_id)
* position we left off */
int j = (i + hostdata->saved_slot_position)
% NCR_700_COMMAND_SLOTS_PER_HOST;
-
+
if(hostdata->slots[j].state != NCR_700_SLOT_QUEUED)
continue;
if(NCR_700_start_command(hostdata->slots[j].cmnd)) {
@@ -1752,7 +1752,7 @@ NCR_700_intr(int irq, void *dev_id)
static int NCR_700_queuecommand_lck(struct scsi_cmnd *SCp)
{
- struct NCR_700_Host_Parameters *hostdata =
+ struct NCR_700_Host_Parameters *hostdata =
(struct NCR_700_Host_Parameters *)SCp->device->host->hostdata[0];
__u32 move_ins;
struct NCR_700_command_slot *slot;
@@ -1852,7 +1852,7 @@ static int NCR_700_queuecommand_lck(struct scsi_cmnd *SCp)
default:
printk(KERN_ERR "53c700: Unknown command for data direction ");
scsi_print_command(SCp);
-
+
move_ins = 0;
break;
case DMA_NONE:
@@ -1937,7 +1937,7 @@ STATIC int
NCR_700_host_reset(struct scsi_cmnd * SCp)
{
DECLARE_COMPLETION_ONSTACK(complete);
- struct NCR_700_Host_Parameters *hostdata =
+ struct NCR_700_Host_Parameters *hostdata =
(struct NCR_700_Host_Parameters *)SCp->device->host->hostdata[0];
scmd_printk(KERN_INFO, SCp,
@@ -1975,9 +1975,9 @@ STATIC void
NCR_700_set_period(struct scsi_target *STp, int period)
{
struct Scsi_Host *SHp = dev_to_shost(STp->dev.parent);
- struct NCR_700_Host_Parameters *hostdata =
+ struct NCR_700_Host_Parameters *hostdata =
(struct NCR_700_Host_Parameters *)SHp->hostdata[0];
-
+
if(!hostdata->fast)
return;
@@ -1994,11 +1994,11 @@ STATIC void
NCR_700_set_offset(struct scsi_target *STp, int offset)
{
struct Scsi_Host *SHp = dev_to_shost(STp->dev.parent);
- struct NCR_700_Host_Parameters *hostdata =
+ struct NCR_700_Host_Parameters *hostdata =
(struct NCR_700_Host_Parameters *)SHp->hostdata[0];
int max_offset = hostdata->chip710
? NCR_710_MAX_OFFSET : NCR_700_MAX_OFFSET;
-
+
if(!hostdata->fast)
return;
@@ -2031,7 +2031,7 @@ NCR_700_slave_alloc(struct scsi_device *SDp)
STATIC int
NCR_700_slave_configure(struct scsi_device *SDp)
{
- struct NCR_700_Host_Parameters *hostdata =
+ struct NCR_700_Host_Parameters *hostdata =
(struct NCR_700_Host_Parameters *)SDp->host->hostdata[0];
/* to do here: allocate memory; build a queue_full list */
--
2.43.0.594.gd9cf4e227d-goog
There is a general misunderstanding amongst engineers that {v}snprintf()
returns the length of the data *actually* encoded into the destination
array. However, as per the C99 standard {v}snprintf() really returns
the length of the data that *would have been* written if there were
enough space for it. This misunderstanding has led to buffer-overruns
in the past. It's generally considered safer to use the {v}scnprintf()
variants in their place (or even sprintf() in simple cases). So let's
do that.
Link: https://lwn.net/Articles/69419/
Link: https://github.com/KSPP/linux/issues/105
Signed-off-by: Lee Jones <[email protected]>
---
Cc: Finn Thain <[email protected]>
Cc: Michael Schmitz <[email protected]>
Cc: "James E.J. Bottomley" <[email protected]>
Cc: "Martin K. Petersen" <[email protected]>
Cc: [email protected]
Cc: Tnx to <[email protected]>
Cc: [email protected]
---
drivers/scsi/NCR5380.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/drivers/scsi/NCR5380.c b/drivers/scsi/NCR5380.c
index cea3a79d538e4..ea565e843c765 100644
--- a/drivers/scsi/NCR5380.c
+++ b/drivers/scsi/NCR5380.c
@@ -421,14 +421,14 @@ static int NCR5380_init(struct Scsi_Host *instance, int flags)
if (!hostdata->work_q)
return -ENOMEM;
- snprintf(hostdata->info, sizeof(hostdata->info),
- "%s, irq %d, io_port 0x%lx, base 0x%lx, can_queue %d, cmd_per_lun %d, sg_tablesize %d, this_id %d, flags { %s%s%s}",
- instance->hostt->name, instance->irq, hostdata->io_port,
- hostdata->base, instance->can_queue, instance->cmd_per_lun,
- instance->sg_tablesize, instance->this_id,
- hostdata->flags & FLAG_DMA_FIXUP ? "DMA_FIXUP " : "",
- hostdata->flags & FLAG_NO_PSEUDO_DMA ? "NO_PSEUDO_DMA " : "",
- hostdata->flags & FLAG_TOSHIBA_DELAY ? "TOSHIBA_DELAY " : "");
+ scnprintf(hostdata->info, sizeof(hostdata->info),
+ "%s, irq %d, io_port 0x%lx, base 0x%lx, can_queue %d, cmd_per_lun %d, sg_tablesize %d, this_id %d, flags { %s%s%s}",
+ instance->hostt->name, instance->irq, hostdata->io_port,
+ hostdata->base, instance->can_queue, instance->cmd_per_lun,
+ instance->sg_tablesize, instance->this_id,
+ hostdata->flags & FLAG_DMA_FIXUP ? "DMA_FIXUP " : "",
+ hostdata->flags & FLAG_NO_PSEUDO_DMA ? "NO_PSEUDO_DMA " : "",
+ hostdata->flags & FLAG_TOSHIBA_DELAY ? "TOSHIBA_DELAY " : "");
NCR5380_write(INITIATOR_COMMAND_REG, ICR_BASE);
NCR5380_write(MODE_REG, MR_BASE);
--
2.43.0.594.gd9cf4e227d-goog
Since snprintf() has the documented, but still rather strange trait of
returning the length of the data that *would have been* written to the
array if space were available, rather than the arguably more useful
length of data *actually* written, it is usually considered wise to use
something else instead in order to avoid confusion.
In the case of sysfs call-backs, new wrappers exist that do just that.
Link: https://lwn.net/Articles/69419/
Link: https://github.com/KSPP/linux/issues/105
Signed-off-by: Lee Jones <[email protected]>
---
Cc: Adaptec OEM Raid Solutions <[email protected]>
Cc: "James E.J. Bottomley" <[email protected]>
Cc: "Martin K. Petersen" <[email protected]>
Cc: "PMC-Sierra, Inc" <[email protected]>
Cc: [email protected]
---
drivers/scsi/aacraid/linit.c | 34 ++++++++++++++--------------------
1 file changed, 14 insertions(+), 20 deletions(-)
diff --git a/drivers/scsi/aacraid/linit.c b/drivers/scsi/aacraid/linit.c
index 68f4dbcfff492..69526e2bd2e78 100644
--- a/drivers/scsi/aacraid/linit.c
+++ b/drivers/scsi/aacraid/linit.c
@@ -558,11 +558,9 @@ static ssize_t aac_show_raid_level(struct device *dev, struct device_attribute *
struct scsi_device *sdev = to_scsi_device(dev);
struct aac_dev *aac = (struct aac_dev *)(sdev->host->hostdata);
if (sdev_channel(sdev) != CONTAINER_CHANNEL)
- return snprintf(buf, PAGE_SIZE, sdev->no_uld_attach
- ? "Hidden\n" :
+ return sysfs_emit(buf, sdev->no_uld_attach ? "Hidden\n" :
((aac->jbod && (sdev->type == TYPE_DISK)) ? "JBOD\n" : ""));
- return snprintf(buf, PAGE_SIZE, "%s\n",
- get_container_type(aac->fsa_dev[sdev_id(sdev)].type));
+ return sysfs_emit(buf, "%s\n", get_container_type(aac->fsa_dev[sdev_id(sdev)].type));
}
static struct device_attribute aac_raid_level_attr = {
@@ -1195,10 +1193,9 @@ static ssize_t aac_show_model(struct device *device,
++cp;
while (*cp == ' ')
++cp;
- len = snprintf(buf, PAGE_SIZE, "%s\n", cp);
+ len = sysfs_emit(buf, "%s\n", cp);
} else
- len = snprintf(buf, PAGE_SIZE, "%s\n",
- aac_drivers[dev->cardtype].model);
+ len = sysfs_emit(buf, "%s\n", aac_drivers[dev->cardtype].model);
return len;
}
@@ -1214,12 +1211,11 @@ static ssize_t aac_show_vendor(struct device *device,
char *cp = sup_adap_info->adapter_type_text;
while (*cp && *cp != ' ')
++cp;
- len = snprintf(buf, PAGE_SIZE, "%.*s\n",
+ len = sysfs_emit(buf, "%.*s\n",
(int)(cp - (char *)sup_adap_info->adapter_type_text),
sup_adap_info->adapter_type_text);
} else
- len = snprintf(buf, PAGE_SIZE, "%s\n",
- aac_drivers[dev->cardtype].vname);
+ len = sysfs_emit(buf, "%s\n", aac_drivers[dev->cardtype].vname);
return len;
}
@@ -1230,7 +1226,7 @@ static ssize_t aac_show_flags(struct device *cdev,
struct aac_dev *dev = (struct aac_dev*)class_to_shost(cdev)->hostdata;
if (nblank(dprintk(x)))
- len = snprintf(buf, PAGE_SIZE, "dprintk\n");
+ len = sysfs_emit(buf, "dprintk\n");
#ifdef AAC_DETAILED_STATUS_INFO
len += scnprintf(buf + len, PAGE_SIZE - len,
"AAC_DETAILED_STATUS_INFO\n");
@@ -1258,7 +1254,7 @@ static ssize_t aac_show_kernel_version(struct device *device,
int len, tmp;
tmp = le32_to_cpu(dev->adapter_info.kernelrev);
- len = snprintf(buf, PAGE_SIZE, "%d.%d-%d[%d]\n",
+ len = sysfs_emit(buf, "%d.%d-%d[%d]\n",
tmp >> 24, (tmp >> 16) & 0xff, tmp & 0xff,
le32_to_cpu(dev->adapter_info.kernelbuild));
return len;
@@ -1272,7 +1268,7 @@ static ssize_t aac_show_monitor_version(struct device *device,
int len, tmp;
tmp = le32_to_cpu(dev->adapter_info.monitorrev);
- len = snprintf(buf, PAGE_SIZE, "%d.%d-%d[%d]\n",
+ len = sysfs_emit(buf, "%d.%d-%d[%d]\n",
tmp >> 24, (tmp >> 16) & 0xff, tmp & 0xff,
le32_to_cpu(dev->adapter_info.monitorbuild));
return len;
@@ -1286,7 +1282,7 @@ static ssize_t aac_show_bios_version(struct device *device,
int len, tmp;
tmp = le32_to_cpu(dev->adapter_info.biosrev);
- len = snprintf(buf, PAGE_SIZE, "%d.%d-%d[%d]\n",
+ len = sysfs_emit(buf, "%d.%d-%d[%d]\n",
tmp >> 24, (tmp >> 16) & 0xff, tmp & 0xff,
le32_to_cpu(dev->adapter_info.biosbuild));
return len;
@@ -1296,7 +1292,7 @@ static ssize_t aac_show_driver_version(struct device *device,
struct device_attribute *attr,
char *buf)
{
- return snprintf(buf, PAGE_SIZE, "%s\n", aac_driver_version);
+ return sysfs_emit(buf, "%s\n", aac_driver_version);
}
static ssize_t aac_show_serial_number(struct device *device,
@@ -1322,15 +1318,13 @@ static ssize_t aac_show_serial_number(struct device *device,
static ssize_t aac_show_max_channel(struct device *device,
struct device_attribute *attr, char *buf)
{
- return snprintf(buf, PAGE_SIZE, "%d\n",
- class_to_shost(device)->max_channel);
+ return sysfs_emit(buf, "%d\n", class_to_shost(device)->max_channel);
}
static ssize_t aac_show_max_id(struct device *device,
struct device_attribute *attr, char *buf)
{
- return snprintf(buf, PAGE_SIZE, "%d\n",
- class_to_shost(device)->max_id);
+ return sysfs_emit(buf, "%d\n", class_to_shost(device)->max_id);
}
static ssize_t aac_store_reset_adapter(struct device *device,
@@ -1360,7 +1354,7 @@ static ssize_t aac_show_reset_adapter(struct device *device,
tmp = aac_adapter_check_health(dev);
if ((tmp == 0) && dev->in_reset)
tmp = -EBUSY;
- len = snprintf(buf, PAGE_SIZE, "0x%x\n", tmp);
+ len = sysfs_emit(buf, "0x%x\n", tmp);
return len;
}
--
2.43.0.594.gd9cf4e227d-goog
There is a general misunderstanding amongst engineers that {v}snprintf()
returns the length of the data *actually* encoded into the destination
array. However, as per the C99 standard {v}snprintf() really returns
the length of the data that *would have been* written if there were
enough space for it. This misunderstanding has led to buffer-overruns
in the past. It's generally considered safer to use the {v}scnprintf()
variants in their place (or even sprintf() in simple cases). So let's
do that.
Link: https://lwn.net/Articles/69419/
Link: https://github.com/KSPP/linux/issues/105
Signed-off-by: Lee Jones <[email protected]>
---
Cc: "James E.J. Bottomley" <[email protected]>
Cc: "Martin K. Petersen" <[email protected]>
Cc: [email protected]
---
drivers/scsi/aha1542.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/aha1542.c b/drivers/scsi/aha1542.c
index 9503996c63256..b5ec7887801a5 100644
--- a/drivers/scsi/aha1542.c
+++ b/drivers/scsi/aha1542.c
@@ -772,7 +772,7 @@ static struct Scsi_Host *aha1542_hw_init(const struct scsi_host_template *tpnt,
goto unregister;
if (sh->dma_channel != 0xFF)
- snprintf(dma_info, sizeof(dma_info), "DMA %d", sh->dma_channel);
+ scnprintf(dma_info, sizeof(dma_info), "DMA %d", sh->dma_channel);
shost_printk(KERN_INFO, sh, "Adaptec AHA-1542 (SCSI-ID %d) at IO 0x%x, IRQ %d, %s\n",
sh->this_id, base_io, sh->irq, dma_info);
if (aha1542->bios_translation == BIOS_TRANSLATION_25563)
--
2.43.0.594.gd9cf4e227d-goog
There is a general misunderstanding amongst engineers that {v}snprintf()
returns the length of the data *actually* encoded into the destination
array. However, as per the C99 standard {v}snprintf() really returns
the length of the data that *would have been* written if there were
enough space for it. This misunderstanding has led to buffer-overruns
in the past. It's generally considered safer to use the {v}scnprintf()
variants in their place (or even sprintf() in simple cases). So let's
do that.
Link: https://lwn.net/Articles/69419/
Link: https://github.com/KSPP/linux/issues/105
Signed-off-by: Lee Jones <[email protected]>
---
Cc: Hannes Reinecke <[email protected]>
Cc: "James E.J. Bottomley" <[email protected]>
Cc: "Martin K. Petersen" <[email protected]>
Cc: Lee Jones <[email protected]>
Cc: [email protected]
---
drivers/scsi/aic7xxx/aicasm/aicasm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/aic7xxx/aicasm/aicasm.c b/drivers/scsi/aic7xxx/aicasm/aicasm.c
index 8d995186e557a..bc758e78d3c06 100644
--- a/drivers/scsi/aic7xxx/aicasm/aicasm.c
+++ b/drivers/scsi/aic7xxx/aicasm/aicasm.c
@@ -331,7 +331,7 @@ back_patch()
if (cur_instr->patch_label->type != LABEL) {
char buf[255];
- snprintf(buf, sizeof(buf),
+ scnprintf(buf, sizeof(buf),
"Undefined label %s",
cur_instr->patch_label->name);
stop(buf, EX_DATAERR);
--
2.43.0.594.gd9cf4e227d-goog
Since snprintf() has the documented, but still rather strange trait of
returning the length of the data that *would have been* written to the
array if space were available, rather than the arguably more useful
length of data *actually* written, it is usually considered wise to use
something else instead in order to avoid confusion.
In the case of sysfs call-backs, new wrappers exist that do just that.
Link: https://lwn.net/Articles/69419/
Link: https://github.com/KSPP/linux/issues/105
Signed-off-by: Lee Jones <[email protected]>
---
Cc: "James E.J. Bottomley" <[email protected]>
Cc: "Martin K. Petersen" <[email protected]>
Cc: [email protected]
Cc: [email protected]
---
drivers/scsi/arcmsr/arcmsr_attr.c | 40 ++++++++-----------------------
1 file changed, 10 insertions(+), 30 deletions(-)
diff --git a/drivers/scsi/arcmsr/arcmsr_attr.c b/drivers/scsi/arcmsr/arcmsr_attr.c
index baeb5e7956902..c430c835503be 100644
--- a/drivers/scsi/arcmsr/arcmsr_attr.c
+++ b/drivers/scsi/arcmsr/arcmsr_attr.c
@@ -258,9 +258,7 @@ static ssize_t
arcmsr_attr_host_driver_version(struct device *dev,
struct device_attribute *attr, char *buf)
{
- return snprintf(buf, PAGE_SIZE,
- "%s\n",
- ARCMSR_DRIVER_VERSION);
+ return sysfs_emit(buf, "%s\n", ARCMSR_DRIVER_VERSION);
}
static ssize_t
@@ -270,9 +268,7 @@ arcmsr_attr_host_driver_posted_cmd(struct device *dev,
struct Scsi_Host *host = class_to_shost(dev);
struct AdapterControlBlock *acb =
(struct AdapterControlBlock *) host->hostdata;
- return snprintf(buf, PAGE_SIZE,
- "%4d\n",
- atomic_read(&acb->ccboutstandingcount));
+ return sysfs_emit(buf, "%4d\n", atomic_read(&acb->ccboutstandingcount));
}
static ssize_t
@@ -282,9 +278,7 @@ arcmsr_attr_host_driver_reset(struct device *dev,
struct Scsi_Host *host = class_to_shost(dev);
struct AdapterControlBlock *acb =
(struct AdapterControlBlock *) host->hostdata;
- return snprintf(buf, PAGE_SIZE,
- "%4d\n",
- acb->num_resets);
+ return sysfs_emit(buf, "%4d\n", acb->num_resets);
}
static ssize_t
@@ -294,9 +288,7 @@ arcmsr_attr_host_driver_abort(struct device *dev,
struct Scsi_Host *host = class_to_shost(dev);
struct AdapterControlBlock *acb =
(struct AdapterControlBlock *) host->hostdata;
- return snprintf(buf, PAGE_SIZE,
- "%4d\n",
- acb->num_aborts);
+ return sysfs_emit(buf, "%4d\n", acb->num_aborts);
}
static ssize_t
@@ -306,9 +298,7 @@ arcmsr_attr_host_fw_model(struct device *dev, struct device_attribute *attr,
struct Scsi_Host *host = class_to_shost(dev);
struct AdapterControlBlock *acb =
(struct AdapterControlBlock *) host->hostdata;
- return snprintf(buf, PAGE_SIZE,
- "%s\n",
- acb->firm_model);
+ return sysfs_emit(buf, "%s\n", acb->firm_model);
}
static ssize_t
@@ -319,9 +309,7 @@ arcmsr_attr_host_fw_version(struct device *dev,
struct AdapterControlBlock *acb =
(struct AdapterControlBlock *) host->hostdata;
- return snprintf(buf, PAGE_SIZE,
- "%s\n",
- acb->firm_version);
+ return sysfs_emit(buf, "%s\n", acb->firm_version);
}
static ssize_t
@@ -332,9 +320,7 @@ arcmsr_attr_host_fw_request_len(struct device *dev,
struct AdapterControlBlock *acb =
(struct AdapterControlBlock *) host->hostdata;
- return snprintf(buf, PAGE_SIZE,
- "%4d\n",
- acb->firm_request_len);
+ return sysfs_emit(buf, "%4d\n", acb->firm_request_len);
}
static ssize_t
@@ -345,9 +331,7 @@ arcmsr_attr_host_fw_numbers_queue(struct device *dev,
struct AdapterControlBlock *acb =
(struct AdapterControlBlock *) host->hostdata;
- return snprintf(buf, PAGE_SIZE,
- "%4d\n",
- acb->firm_numbers_queue);
+ return sysfs_emit(buf, "%4d\n", acb->firm_numbers_queue);
}
static ssize_t
@@ -358,9 +342,7 @@ arcmsr_attr_host_fw_sdram_size(struct device *dev,
struct AdapterControlBlock *acb =
(struct AdapterControlBlock *) host->hostdata;
- return snprintf(buf, PAGE_SIZE,
- "%4d\n",
- acb->firm_sdram_size);
+ return sysfs_emit(buf, "%4d\n", acb->firm_sdram_size);
}
static ssize_t
@@ -371,9 +353,7 @@ arcmsr_attr_host_fw_hd_channels(struct device *dev,
struct AdapterControlBlock *acb =
(struct AdapterControlBlock *) host->hostdata;
- return snprintf(buf, PAGE_SIZE,
- "%4d\n",
- acb->firm_hd_channels);
+ return sysfs_emit(buf, "%4d\n", acb->firm_hd_channels);
}
static DEVICE_ATTR(host_driver_version, S_IRUGO, arcmsr_attr_host_driver_version, NULL);
--
2.43.0.594.gd9cf4e227d-goog
Since snprintf() has the documented, but still rather strange trait of
returning the length of the data that *would have been* written to the
array if space were available, rather than the arguably more useful
length of data *actually* written, it is usually considered wise to use
something else instead in order to avoid confusion.
In the case of sysfs call-backs, new wrappers exist that do just that.
Link: https://lwn.net/Articles/69419/
Link: https://github.com/KSPP/linux/issues/105
Signed-off-by: Lee Jones <[email protected]>
---
Cc: "James E.J. Bottomley" <[email protected]>
Cc: "Martin K. Petersen" <[email protected]>
Cc: John Garry <[email protected]>
Cc: Luben Tuikov <[email protected]>
Cc: [email protected]
---
drivers/scsi/aic94xx/aic94xx_init.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/drivers/scsi/aic94xx/aic94xx_init.c b/drivers/scsi/aic94xx/aic94xx_init.c
index 8a3340d8d7ad4..c976e4b77c71e 100644
--- a/drivers/scsi/aic94xx/aic94xx_init.c
+++ b/drivers/scsi/aic94xx/aic94xx_init.c
@@ -264,8 +264,7 @@ static ssize_t asd_show_dev_rev(struct device *dev,
struct device_attribute *attr, char *buf)
{
struct asd_ha_struct *asd_ha = dev_to_asd_ha(dev);
- return snprintf(buf, PAGE_SIZE, "%s\n",
- asd_dev_rev[asd_ha->revision_id]);
+ return sysfs_emit(buf, "%s\n", asd_dev_rev[asd_ha->revision_id]);
}
static DEVICE_ATTR(aic_revision, S_IRUGO, asd_show_dev_rev, NULL);
@@ -273,7 +272,7 @@ static ssize_t asd_show_dev_bios_build(struct device *dev,
struct device_attribute *attr,char *buf)
{
struct asd_ha_struct *asd_ha = dev_to_asd_ha(dev);
- return snprintf(buf, PAGE_SIZE, "%d\n", asd_ha->hw_prof.bios.bld);
+ return sysfs_emit(buf, "%d\n", asd_ha->hw_prof.bios.bld);
}
static DEVICE_ATTR(bios_build, S_IRUGO, asd_show_dev_bios_build, NULL);
@@ -281,7 +280,7 @@ static ssize_t asd_show_dev_pcba_sn(struct device *dev,
struct device_attribute *attr, char *buf)
{
struct asd_ha_struct *asd_ha = dev_to_asd_ha(dev);
- return snprintf(buf, PAGE_SIZE, "%s\n", asd_ha->hw_prof.pcba_sn);
+ return sysfs_emit(buf, "%s\n", asd_ha->hw_prof.pcba_sn);
}
static DEVICE_ATTR(pcba_sn, S_IRUGO, asd_show_dev_pcba_sn, NULL);
@@ -452,7 +451,7 @@ static ssize_t asd_show_update_bios(struct device *dev,
if (asd_ha->bios_status != FLASH_IN_PROGRESS)
asd_ha->bios_status = FLASH_OK;
- return snprintf(buf, PAGE_SIZE, "status=%x %s\n",
+ return sysfs_emit(buf, "status=%x %s\n",
flash_error_table[i].err_code,
flash_error_table[i].reason);
}
@@ -937,7 +936,7 @@ static int asd_scan_finished(struct Scsi_Host *shost, unsigned long time)
static ssize_t version_show(struct device_driver *driver, char *buf)
{
- return snprintf(buf, PAGE_SIZE, "%s\n", ASD_DRIVER_VERSION);
+ return sysfs_emit(buf, "%s\n", ASD_DRIVER_VERSION);
}
static DRIVER_ATTR_RO(version);
--
2.43.0.594.gd9cf4e227d-goog
There is a general misunderstanding amongst engineers that {v}snprintf()
returns the length of the data *actually* encoded into the destination
array. However, as per the C99 standard {v}snprintf() really returns
the length of the data that *would have been* written if there were
enough space for it. This misunderstanding has led to buffer-overruns
in the past. It's generally considered safer to use the {v}scnprintf()
variants in their place (or even sprintf() in simple cases). So let's
do that.
Link: https://lwn.net/Articles/69419/
Link: https://github.com/KSPP/linux/issues/105
Signed-off-by: Lee Jones <[email protected]>
---
Cc: Adaptec OEM Raid Solutions <[email protected]>
Cc: "James E.J. Bottomley" <[email protected]>
Cc: "Martin K. Petersen" <[email protected]>
Cc: "PMC-Sierra, Inc" <[email protected]>
Cc: [email protected]
---
drivers/scsi/aacraid/linit.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/scsi/aacraid/linit.c b/drivers/scsi/aacraid/linit.c
index 69526e2bd2e78..0e47d9c4cff23 100644
--- a/drivers/scsi/aacraid/linit.c
+++ b/drivers/scsi/aacraid/linit.c
@@ -583,7 +583,7 @@ static ssize_t aac_show_unique_id(struct device *dev,
if (sdev_channel(sdev) == CONTAINER_CHANNEL)
memcpy(sn, aac->fsa_dev[sdev_id(sdev)].identifier, sizeof(sn));
- return snprintf(buf, 16 * 2 + 2,
+ return scnprintf(buf, 16 * 2 + 2,
"%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X\n",
sn[0], sn[1], sn[2], sn[3],
sn[4], sn[5], sn[6], sn[7],
@@ -1302,13 +1302,13 @@ static ssize_t aac_show_serial_number(struct device *device,
int len = 0;
if (le32_to_cpu(dev->adapter_info.serial[0]) != 0xBAD0)
- len = snprintf(buf, 16, "%06X\n",
+ len = scnprintf(buf, 16, "%06X\n",
le32_to_cpu(dev->adapter_info.serial[0]));
if (len &&
!memcmp(&dev->supplement_adapter_info.mfg_pcba_serial_no[
sizeof(dev->supplement_adapter_info.mfg_pcba_serial_no)-len],
buf, len-1))
- len = snprintf(buf, 16, "%.*s\n",
+ len = scnprintf(buf, 16, "%.*s\n",
(int)sizeof(dev->supplement_adapter_info.mfg_pcba_serial_no),
dev->supplement_adapter_info.mfg_pcba_serial_no);
--
2.43.0.594.gd9cf4e227d-goog
Removing out of need rather than want. I wish to make proper changes to
this file, but my editor is insistent on removing whitespace on save.
Rather than go down the rabbit hole of debugging my editor right now,
I'd rather stay productive. So, out it comes!
EDIT: Found it. Looks like 5a602de99797b ("Add .editorconfig file for
basic formatting") now forces editors to trim whitespace.
Signed-off-by: Lee Jones <[email protected]>
---
Cc: Hannes Reinecke <[email protected]>
Cc: "James E.J. Bottomley" <[email protected]>
Cc: "Martin K. Petersen" <[email protected]>
Cc: [email protected]
---
drivers/scsi/aic7xxx/aicasm/aicasm.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/drivers/scsi/aic7xxx/aicasm/aicasm.c b/drivers/scsi/aic7xxx/aicasm/aicasm.c
index cd692a4c5f857..8d995186e557a 100644
--- a/drivers/scsi/aic7xxx/aicasm/aicasm.c
+++ b/drivers/scsi/aic7xxx/aicasm/aicasm.c
@@ -132,7 +132,7 @@ main(int argc, char *argv[])
/* Set Sentinal scope node */
sentinal = scope_alloc();
sentinal->type = SCOPE_ROOT;
-
+
includes_search_curdir = 1;
appname = *argv;
regfile = NULL;
@@ -553,7 +553,7 @@ output_listing(char *ifilename)
if (func_values == NULL)
stop("Could not malloc", EX_OSERR);
-
+
func_values[0] = 0; /* FALSE func */
func_count--;
@@ -561,13 +561,13 @@ output_listing(char *ifilename)
* Ask the user to fill in the return values for
* the rest of the functions.
*/
-
-
+
+
for (cur_func = SLIST_FIRST(&patch_functions);
cur_func != NULL && SLIST_NEXT(cur_func, links) != NULL;
cur_func = SLIST_NEXT(cur_func, links), func_count--) {
int input;
-
+
fprintf(stdout, "\n(%s)\n", cur_func->symbol->name);
fprintf(stdout,
"Enter the return value for "
@@ -751,7 +751,7 @@ cs_alloc()
if (new_cs == NULL)
stop("Unable to malloc critical_section object", EX_SOFTWARE);
memset(new_cs, 0, sizeof(*new_cs));
-
+
TAILQ_INSERT_TAIL(&cs_tailq, new_cs, links);
return new_cs;
}
@@ -766,7 +766,7 @@ scope_alloc()
stop("Unable to malloc scope object", EX_SOFTWARE);
memset(new_scope, 0, sizeof(*new_scope));
TAILQ_INIT(&new_scope->inner_scope);
-
+
if (SLIST_FIRST(&scope_stack) != NULL) {
TAILQ_INSERT_TAIL(&SLIST_FIRST(&scope_stack)->inner_scope,
new_scope, scope_links);
--
2.43.0.594.gd9cf4e227d-goog
Hi Lee,
Thanks for your patch!
On Thu, Feb 8, 2024 at 9:48 AM Lee Jones <[email protected]> wrote:
> There is a general misunderstanding amongst engineers that {v}snprintf()
> returns the length of the data *actually* encoded into the destination
> array. However, as per the C99 standard {v}snprintf() really returns
> the length of the data that *would have been* written if there were
> enough space for it. This misunderstanding has led to buffer-overruns
> in the past. It's generally considered safer to use the {v}scnprintf()
> variants in their place (or even sprintf() in simple cases). So let's
> do that.
Confused... The return value is not used at all?
> --- a/drivers/scsi/NCR5380.c
> +++ b/drivers/scsi/NCR5380.c
> @@ -421,14 +421,14 @@ static int NCR5380_init(struct Scsi_Host *instance, int flags)
> if (!hostdata->work_q)
> return -ENOMEM;
>
> - snprintf(hostdata->info, sizeof(hostdata->info),
> - "%s, irq %d, io_port 0x%lx, base 0x%lx, can_queue %d, cmd_per_lun %d, sg_tablesize %d, this_id %d, flags { %s%s%s}",
> - instance->hostt->name, instance->irq, hostdata->io_port,
> - hostdata->base, instance->can_queue, instance->cmd_per_lun,
> - instance->sg_tablesize, instance->this_id,
> - hostdata->flags & FLAG_DMA_FIXUP ? "DMA_FIXUP " : "",
> - hostdata->flags & FLAG_NO_PSEUDO_DMA ? "NO_PSEUDO_DMA " : "",
> - hostdata->flags & FLAG_TOSHIBA_DELAY ? "TOSHIBA_DELAY " : "");
> + scnprintf(hostdata->info, sizeof(hostdata->info),
> + "%s, irq %d, io_port 0x%lx, base 0x%lx, can_queue %d, cmd_per_lun %d, sg_tablesize %d, this_id %d, flags { %s%s%s}",
> + instance->hostt->name, instance->irq, hostdata->io_port,
> + hostdata->base, instance->can_queue, instance->cmd_per_lun,
> + instance->sg_tablesize, instance->this_id,
> + hostdata->flags & FLAG_DMA_FIXUP ? "DMA_FIXUP " : "",
> + hostdata->flags & FLAG_NO_PSEUDO_DMA ? "NO_PSEUDO_DMA " : "",
> + hostdata->flags & FLAG_TOSHIBA_DELAY ? "TOSHIBA_DELAY " : "");
>
> NCR5380_write(INITIATOR_COMMAND_REG, ICR_BASE);
> NCR5380_write(MODE_REG, MR_BASE);
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68korg
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
On Thu, 08 Feb 2024, Geert Uytterhoeven wrote:
> Hi Lee,
>
> Thanks for your patch!
>
> On Thu, Feb 8, 2024 at 9:48 AM Lee Jones <[email protected]> wrote:
> > There is a general misunderstanding amongst engineers that {v}snprintf()
> > returns the length of the data *actually* encoded into the destination
> > array. However, as per the C99 standard {v}snprintf() really returns
> > the length of the data that *would have been* written if there were
> > enough space for it. This misunderstanding has led to buffer-overruns
> > in the past. It's generally considered safer to use the {v}scnprintf()
> > variants in their place (or even sprintf() in simple cases). So let's
> > do that.
>
> Confused... The return value is not used at all?
Future proofing. The idea of the effort is to rid the use entirely.
- Usage is inside a sysfs handler passing PAGE_SIZE as the size
- s/snprintf/sysfs_emit/
- Usage is inside a sysfs handler passing a bespoke value as the size
- s/snprintf/scnprintf/
- Return value used, but does *not* care about overflow
- s/snprintf/scnprintf/
- Return value used, caller *does* care about overflow
- s/snprintf/seq_buf/
- Return value not used
- s/snprintf/scnprintf/
This is the final case.
> > --- a/drivers/scsi/NCR5380.c
> > +++ b/drivers/scsi/NCR5380.c
> > @@ -421,14 +421,14 @@ static int NCR5380_init(struct Scsi_Host *instance, int flags)
> > if (!hostdata->work_q)
> > return -ENOMEM;
> >
> > - snprintf(hostdata->info, sizeof(hostdata->info),
> > - "%s, irq %d, io_port 0x%lx, base 0x%lx, can_queue %d, cmd_per_lun %d, sg_tablesize %d, this_id %d, flags { %s%s%s}",
> > - instance->hostt->name, instance->irq, hostdata->io_port,
> > - hostdata->base, instance->can_queue, instance->cmd_per_lun,
> > - instance->sg_tablesize, instance->this_id,
> > - hostdata->flags & FLAG_DMA_FIXUP ? "DMA_FIXUP " : "",
> > - hostdata->flags & FLAG_NO_PSEUDO_DMA ? "NO_PSEUDO_DMA " : "",
> > - hostdata->flags & FLAG_TOSHIBA_DELAY ? "TOSHIBA_DELAY " : "");
> > + scnprintf(hostdata->info, sizeof(hostdata->info),
> > + "%s, irq %d, io_port 0x%lx, base 0x%lx, can_queue %d, cmd_per_lun %d, sg_tablesize %d, this_id %d, flags { %s%s%s}",
> > + instance->hostt->name, instance->irq, hostdata->io_port,
> > + hostdata->base, instance->can_queue, instance->cmd_per_lun,
> > + instance->sg_tablesize, instance->this_id,
> > + hostdata->flags & FLAG_DMA_FIXUP ? "DMA_FIXUP " : "",
> > + hostdata->flags & FLAG_NO_PSEUDO_DMA ? "NO_PSEUDO_DMA " : "",
> > + hostdata->flags & FLAG_TOSHIBA_DELAY ? "TOSHIBA_DELAY " : "");
> >
> > NCR5380_write(INITIATOR_COMMAND_REG, ICR_BASE);
> > NCR5380_write(MODE_REG, MR_BASE);
--
Lee Jones [李琼斯]
On 2/8/24 00:44, Lee Jones wrote:
> Cc: Andre Hedrick <[email protected]>
Please take a look at https://lwn.net/Articles/508222/.
Thanks,
Bart.
On Thu, 08 Feb 2024, Bart Van Assche wrote:
> On 2/8/24 00:44, Lee Jones wrote:
> > Cc: Andre Hedrick <[email protected]>
>
> Please take a look at https://lwn.net/Articles/508222/.
get_maintainer.pl pulled it from here:
https://github.com/torvalds/linux/blob/master/drivers/scsi/3w-xxxx.c#L11
I like to involve the people who take the time to list themselves as
authors. I guess these are likely to go out of date at one point or
another, especially in such a long standing subsystem such as SCSI. Not
as big of an issue in NFC!
--
Lee Jones [李琼斯]
On Thu, Feb 08, 2024 at 05:49:12PM +0000, Lee Jones wrote:
> On Thu, 08 Feb 2024, Bart Van Assche wrote:
>
> > On 2/8/24 00:44, Lee Jones wrote:
> > > Cc: Andre Hedrick <[email protected]>
> >
> > Please take a look at https://lwn.net/Articles/508222/.
>
> get_maintainer.pl pulled it from here:
>
> https://github.com/torvalds/linux/blob/master/drivers/scsi/3w-xxxx.c#L11
Oh. Hm. It seems "git check-mailmap" (and get_maintainers.pl) don't
support a way to remove an email address -- only redirect it.
It seems we may want to support "don't use this email address" for more
than just the currently observed rationale. I don't have any good
suggestions for what the format should look like? Perhaps:
"" <[email protected]>
?
--
Kees Cook
On Thu, Feb 08, 2024 at 08:44:13AM +0000, Lee Jones wrote:
> Since 5a602de99797b ("Add .editorconfig file for basic formatting") my
> editor has been forced to remove trailing whitespace from any file it
> saves. Instead of fighting this recent kernel default, let's start
> chipping away at fixing the issues.
On, this is a fun addition to the codebase! I wonder how much churn it
will actually create...
> Signed-off-by: Lee Jones <[email protected]>
Regardless, yeah, let's clean them up when we hit them.
Reviewed-by: Kees Cook <[email protected]>
--
Kees Cook
On Thu, Feb 08, 2024 at 08:44:14AM +0000, Lee Jones wrote:
> Since 5a602de99797b ("Add .editorconfig file for basic formatting") my
> editor has been forced to remove trailing whitespace from any file it
> saves. Instead of fighting this recent kernel default, let's start
> chipping away at fixing the issues.
>
> Signed-off-by: Lee Jones <[email protected]>
Reviewed-by: Kees Cook <[email protected]>
--
Kees Cook
On Thu, Feb 08, 2024 at 08:44:19AM +0000, Lee Jones wrote:
> Removing out of need rather than want. I wish to make proper changes to
> this file, but my editor is insistent on removing whitespace on save.
> Rather than go down the rabbit hole of debugging my editor right now,
> I'd rather stay productive. So, out it comes!
>
> EDIT: Found it. Looks like 5a602de99797b ("Add .editorconfig file for
> basic formatting") now forces editors to trim whitespace.
If there is a v2, you can "squash" this. :)
>
> Signed-off-by: Lee Jones <[email protected]>
Reviewed-by: Kees Cook <[email protected]>
--
Kees Cook
On Thu, Feb 08, 2024 at 08:44:16AM +0000, Lee Jones wrote:
> Since snprintf() has the documented, but still rather strange trait of
> returning the length of the data that *would have been* written to the
> array if space were available, rather than the arguably more useful
> length of data *actually* written, it is usually considered wise to use
> something else instead in order to avoid confusion.
>
> In the case of sysfs call-backs, new wrappers exist that do just that.
>
> Link: https://lwn.net/Articles/69419/
> Link: https://github.com/KSPP/linux/issues/105
> Signed-off-by: Lee Jones <[email protected]>
Yeah, better to use sysfs_emit().
Reviewed-by: Kees Cook <[email protected]>
--
Kees Cook
On Thu, Feb 08, 2024 at 08:44:17AM +0000, Lee Jones wrote:
> There is a general misunderstanding amongst engineers that {v}snprintf()
> returns the length of the data *actually* encoded into the destination
> array. However, as per the C99 standard {v}snprintf() really returns
> the length of the data that *would have been* written if there were
> enough space for it. This misunderstanding has led to buffer-overruns
> in the past. It's generally considered safer to use the {v}scnprintf()
> variants in their place (or even sprintf() in simple cases). So let's
> do that.
>
> Link: https://lwn.net/Articles/69419/
> Link: https://github.com/KSPP/linux/issues/105
> Signed-off-by: Lee Jones <[email protected]>
> ---
> Cc: Adaptec OEM Raid Solutions <[email protected]>
> Cc: "James E.J. Bottomley" <[email protected]>
> Cc: "Martin K. Petersen" <[email protected]>
> Cc: "PMC-Sierra, Inc" <[email protected]>
> Cc: [email protected]
> ---
> drivers/scsi/aacraid/linit.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/scsi/aacraid/linit.c b/drivers/scsi/aacraid/linit.c
> index 69526e2bd2e78..0e47d9c4cff23 100644
> --- a/drivers/scsi/aacraid/linit.c
> +++ b/drivers/scsi/aacraid/linit.c
> @@ -583,7 +583,7 @@ static ssize_t aac_show_unique_id(struct device *dev,
> if (sdev_channel(sdev) == CONTAINER_CHANNEL)
> memcpy(sn, aac->fsa_dev[sdev_id(sdev)].identifier, sizeof(sn));
>
> - return snprintf(buf, 16 * 2 + 2,
> + return scnprintf(buf, 16 * 2 + 2,
> "%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X\n",
> sn[0], sn[1], sn[2], sn[3],
> sn[4], sn[5], sn[6], sn[7],
I'm confused about this conversion and the original size argument. Isn't
this also a sysfs entry? Size should be PAGE_SIZE, or it should be
replaced with sysfs_emit().
-Kees
> @@ -1302,13 +1302,13 @@ static ssize_t aac_show_serial_number(struct device *device,
> int len = 0;
>
> if (le32_to_cpu(dev->adapter_info.serial[0]) != 0xBAD0)
> - len = snprintf(buf, 16, "%06X\n",
> + len = scnprintf(buf, 16, "%06X\n",
> le32_to_cpu(dev->adapter_info.serial[0]));
> if (len &&
> !memcmp(&dev->supplement_adapter_info.mfg_pcba_serial_no[
> sizeof(dev->supplement_adapter_info.mfg_pcba_serial_no)-len],
> buf, len-1))
> - len = snprintf(buf, 16, "%.*s\n",
> + len = scnprintf(buf, 16, "%.*s\n",
> (int)sizeof(dev->supplement_adapter_info.mfg_pcba_serial_no),
> dev->supplement_adapter_info.mfg_pcba_serial_no);
>
> --
> 2.43.0.594.gd9cf4e227d-goog
>
>
--
Kees Cook
On Thu, Feb 08, 2024 at 08:44:18AM +0000, Lee Jones wrote:
> There is a general misunderstanding amongst engineers that {v}snprintf()
> returns the length of the data *actually* encoded into the destination
> array. However, as per the C99 standard {v}snprintf() really returns
> the length of the data that *would have been* written if there were
> enough space for it. This misunderstanding has led to buffer-overruns
> in the past. It's generally considered safer to use the {v}scnprintf()
> variants in their place (or even sprintf() in simple cases). So let's
> do that.
It may be better to do a global replace of snprintf() where the return
value is not used.
$ git grep '\bsnprintf\b' | grep -v = | wc -l
6400
There's plenty of work to do to remove just the ones taking the result:
$ git grep ' = snprintf\b' | wc -l
764
Regardless,
Reviewed-by: Kees Cook <[email protected]>
-Kees
>
> Link: https://lwn.net/Articles/69419/
> Link: https://github.com/KSPP/linux/issues/105
> Signed-off-by: Lee Jones <[email protected]>
> ---
> Cc: "James E.J. Bottomley" <[email protected]>
> Cc: "Martin K. Petersen" <[email protected]>
> Cc: [email protected]
> ---
> drivers/scsi/aha1542.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/scsi/aha1542.c b/drivers/scsi/aha1542.c
> index 9503996c63256..b5ec7887801a5 100644
> --- a/drivers/scsi/aha1542.c
> +++ b/drivers/scsi/aha1542.c
> @@ -772,7 +772,7 @@ static struct Scsi_Host *aha1542_hw_init(const struct scsi_host_template *tpnt,
> goto unregister;
>
> if (sh->dma_channel != 0xFF)
> - snprintf(dma_info, sizeof(dma_info), "DMA %d", sh->dma_channel);
> + scnprintf(dma_info, sizeof(dma_info), "DMA %d", sh->dma_channel);
> shost_printk(KERN_INFO, sh, "Adaptec AHA-1542 (SCSI-ID %d) at IO 0x%x, IRQ %d, %s\n",
> sh->this_id, base_io, sh->irq, dma_info);
> if (aha1542->bios_translation == BIOS_TRANSLATION_25563)
> --
> 2.43.0.594.gd9cf4e227d-goog
>
>
--
Kees Cook
On Thu, Feb 08, 2024 at 08:44:20AM +0000, Lee Jones wrote:
> There is a general misunderstanding amongst engineers that {v}snprintf()
> returns the length of the data *actually* encoded into the destination
> array. However, as per the C99 standard {v}snprintf() really returns
> the length of the data that *would have been* written if there were
> enough space for it. This misunderstanding has led to buffer-overruns
> in the past. It's generally considered safer to use the {v}scnprintf()
> variants in their place (or even sprintf() in simple cases). So let's
> do that.
>
> Link: https://lwn.net/Articles/69419/
> Link: https://github.com/KSPP/linux/issues/105
> Signed-off-by: Lee Jones <[email protected]>
Reviewed-by: Kees Cook <[email protected]>
--
Kees Cook
On Thu, Feb 08, 2024 at 08:44:21AM +0000, Lee Jones wrote:
> Since snprintf() has the documented, but still rather strange trait of
> returning the length of the data that *would have been* written to the
> array if space were available, rather than the arguably more useful
> length of data *actually* written, it is usually considered wise to use
> something else instead in order to avoid confusion.
>
> In the case of sysfs call-backs, new wrappers exist that do just that.
Actually, a treewide replacement for snprintf(dst, PAGE_SIZE, ... to
sysfs_emit might be workable too. Here's the .cocci file I made quickly:
@replace@
expression DST;
@@
- snprintf(DST, PAGE_SIZE,
+ sysfs_emit(DST,
...)
This produced almost 1000 changes:
118 files changed, 964 insertions(+), 958 deletions(-)
Some need some manual examination, like:
arch/powerpc/platforms/ps3/system-bus.c:modalias_show() does:
return (len >= PAGE_SIZE) ? (PAGE_SIZE - 1) : len;
which isn't needed any more.
Regardless,
Reviewed-by: Kees Cook <[email protected]>
-Kees
--
Kees Cook
On Thu, Feb 08, 2024 at 08:44:22AM +0000, Lee Jones wrote:
> Since snprintf() has the documented, but still rather strange trait of
> returning the length of the data that *would have been* written to the
> array if space were available, rather than the arguably more useful
> length of data *actually* written, it is usually considered wise to use
> something else instead in order to avoid confusion.
>
> In the case of sysfs call-backs, new wrappers exist that do just that.
>
> Link: https://lwn.net/Articles/69419/
> Link: https://github.com/KSPP/linux/issues/105
> Signed-off-by: Lee Jones <[email protected]>
Reviewed-by: Kees Cook <[email protected]>
--
Kees Cook
On Thu, Feb 08, 2024 at 08:44:15AM +0000, Lee Jones wrote:
> There is a general misunderstanding amongst engineers that {v}snprintf()
> returns the length of the data *actually* encoded into the destination
> array. However, as per the C99 standard {v}snprintf() really returns
> the length of the data that *would have been* written if there were
> enough space for it. This misunderstanding has led to buffer-overruns
> in the past. It's generally considered safer to use the {v}scnprintf()
> variants in their place (or even sprintf() in simple cases). So let's
> do that.
>
> Link: https://lwn.net/Articles/69419/
> Link: https://github.com/KSPP/linux/issues/105
> Signed-off-by: Lee Jones <[email protected]>
Reviewed-by: Kees Cook <[email protected]>
--
Kees Cook
On Thu, 8 Feb 2024, Lee Jones wrote:
> On Thu, 08 Feb 2024, Geert Uytterhoeven wrote:
>
> >
> > Confused... The return value is not used at all?
>
> Future proofing.
>
Surely a better way to prevent potential future API abuse is by adding
checkpatch.pl rules. That way does not generate churn.
James or Martin, if you can find some value in this patch, go ahead and
apply it. I'm afraid I can't see it.
On Thu, 2024-02-08 at 10:29 +0000, Lee Jones wrote:
> On Thu, 08 Feb 2024, Geert Uytterhoeven wrote:
>
> > Hi Lee,
> >
> > Thanks for your patch!
> >
> > On Thu, Feb 8, 2024 at 9:48 AM Lee Jones <[email protected]> wrote:
> > > There is a general misunderstanding amongst engineers that
> > > {v}snprintf()
> > > returns the length of the data *actually* encoded into the
> > > destination
> > > array. However, as per the C99 standard {v}snprintf() really
> > > returns
> > > the length of the data that *would have been* written if there
> > > were
> > > enough space for it. This misunderstanding has led to buffer-
> > > overruns
> > > in the past. It's generally considered safer to use the
> > > {v}scnprintf()
> > > variants in their place (or even sprintf() in simple cases). So
> > > let's
> > > do that.
> >
> > Confused... The return value is not used at all?
>
> Future proofing. The idea of the effort is to rid the use entirely.
>
> - Usage is inside a sysfs handler passing PAGE_SIZE as the size
> - s/snprintf/sysfs_emit/
> - Usage is inside a sysfs handler passing a bespoke value as the
> size
> - s/snprintf/scnprintf/
> - Return value used, but does *not* care about overflow
> - s/snprintf/scnprintf/
> - Return value used, caller *does* care about overflow
> - s/snprintf/seq_buf/
> - Return value not used
> - s/snprintf/scnprintf/
>
> This is the final case.
To re-ask Geert's question: the last case can't ever lead to a bug or
problem, what value does churning the kernel to change it provide? As
Finn said, if we want to deprecate it as a future pattern, put it in
checkpatch.
James
On Fri, 2024-02-09 at 22:56 -0800, Kees Cook wrote:
> On Thu, Feb 08, 2024 at 05:49:12PM +0000, Lee Jones wrote:
> > On Thu, 08 Feb 2024, Bart Van Assche wrote:
> >
> > > On 2/8/24 00:44, Lee Jones wrote:
> > > > Cc: Andre Hedrick <[email protected]>
> > >
> > > Please take a look at https://lwn.net/Articles/508222/.
> >
> > get_maintainer.pl pulled it from here:
> >
> > https://github.com/torvalds/linux/blob/master/drivers/scsi/3w-xxxx.c#L11
>
> Oh. Hm. It seems "git check-mailmap" (and get_maintainers.pl) don't
> support a way to remove an email address -- only redirect it.
>
> It seems we may want to support "don't use this email address" for more
> than just the currently observed rationale. I don't have any good
> suggestions for what the format should look like? Perhaps:
>
> "" <[email protected]>
/dev/null ?
On Sat, 10 Feb 2024, James Bottomley wrote:
> On Thu, 2024-02-08 at 10:29 +0000, Lee Jones wrote:
> > On Thu, 08 Feb 2024, Geert Uytterhoeven wrote:
> >
> > > Hi Lee,
> > >
> > > Thanks for your patch!
> > >
> > > On Thu, Feb 8, 2024 at 9:48 AM Lee Jones <[email protected]> wrote:
> > > > There is a general misunderstanding amongst engineers that
> > > > {v}snprintf()
> > > > returns the length of the data *actually* encoded into the
> > > > destination
> > > > array. However, as per the C99 standard {v}snprintf() really
> > > > returns
> > > > the length of the data that *would have been* written if there
> > > > were
> > > > enough space for it. This misunderstanding has led to buffer-
> > > > overruns
> > > > in the past. It's generally considered safer to use the
> > > > {v}scnprintf()
> > > > variants in their place (or even sprintf() in simple cases). So
> > > > let's
> > > > do that.
> > >
> > > Confused... The return value is not used at all?
> >
> > Future proofing. The idea of the effort is to rid the use entirely.
> >
> > - Usage is inside a sysfs handler passing PAGE_SIZE as the size
> > - s/snprintf/sysfs_emit/
> > - Usage is inside a sysfs handler passing a bespoke value as the
> > size
> > - s/snprintf/scnprintf/
> > - Return value used, but does *not* care about overflow
> > - s/snprintf/scnprintf/
> > - Return value used, caller *does* care about overflow
> > - s/snprintf/seq_buf/
> > - Return value not used
> > - s/snprintf/scnprintf/
> >
> > This is the final case.
>
> To re-ask Geert's question: the last case can't ever lead to a bug or
> problem, what value does churning the kernel to change it provide? As
> Finn said, if we want to deprecate it as a future pattern, put it in
> checkpatch.
Adding this to checkpatch is a good idea.
What if we also take Kees's suggestion and hit all of these found in
SCSI in one patch to keep the churn down to a minimum?
--
Lee Jones [李琼斯]
On Mon, 2024-02-19 at 15:23 +0000, Lee Jones wrote:
> On Sat, 10 Feb 2024, James Bottomley wrote:
>
> > On Thu, 2024-02-08 at 10:29 +0000, Lee Jones wrote:
> > > On Thu, 08 Feb 2024, Geert Uytterhoeven wrote:
> > >
> > > > Hi Lee,
> > > >
> > > > Thanks for your patch!
> > > >
> > > > On Thu, Feb 8, 2024 at 9:48 AM Lee Jones <[email protected]>
> > > > wrote:
> > > > > There is a general misunderstanding amongst engineers that
> > > > > {v}snprintf() returns the length of the data *actually*
> > > > > encoded into the destination array. However, as per the C99
> > > > > standard {v}snprintf() really returns the length of the data
> > > > > that *would have been* written if there were enough space for
> > > > > it. This misunderstanding has led to buffer-overruns in the
> > > > > past. It's generally considered safer to use the
> > > > > {v}scnprintf() variants in their place (or even sprintf() in
> > > > > simple cases). So let's do that.
> > > >
> > > > Confused... The return value is not used at all?
> > >
> > > Future proofing. The idea of the effort is to rid the use
> > > entirely.
> > >
> > > - Usage is inside a sysfs handler passing PAGE_SIZE as the size
> > > - s/snprintf/sysfs_emit/
> > > - Usage is inside a sysfs handler passing a bespoke value as the
> > > size
> > > - s/snprintf/scnprintf/
> > > - Return value used, but does *not* care about overflow
> > > - s/snprintf/scnprintf/
> > > - Return value used, caller *does* care about overflow
> > > - s/snprintf/seq_buf/
> > > - Return value not used
> > > - s/snprintf/scnprintf/
> > >
> > > This is the final case.
> >
> > To re-ask Geert's question: the last case can't ever lead to a bug
> > orproblem, what value does churning the kernel to change it
> > provide? As Finn said, if we want to deprecate it as a future
> > pattern, put it in checkpatch.
>
> Adding this to checkpatch is a good idea.
>
> What if we also take Kees's suggestion and hit all of these found in
> SCSI in one patch to keep the churn down to a minimum?
That doesn't fix the churn problem because you're still changing the
source. For ancient drivers, we keep the changes to a minimum to avoid
introducing inadvertent bugs which aren't discovered until months
later. If there's no actual bug in the driver, there's no reason to
change the code.
Regards,
James
On Mon, Feb 19, 2024 at 03:23:12PM +0000, Lee Jones wrote:
> Adding this to checkpatch is a good idea.
Yeah, please do. You can look at the "strncpy -> strscpy" check that is
already in there for an example.
>
> What if we also take Kees's suggestion and hit all of these found in
> SCSI in one patch to keep the churn down to a minimum?
We don't have to focus on SCSI even. At the end of the next -rc1, I can
send a tree-wide patch (from Coccinelle) that'll convert all snprintf()
uses that don't check a return value into scnprintf(). For example,
this seems to do the trick:
@scnprintf depends on !(file in "tools") && !(file in "samples")@
@@
-snprintf
+scnprintf
(...);
Results in:
2252 files changed, 4795 insertions(+), 4795 deletions(-)
-Kees
--
Kees Cook
On Mon, 19 Feb 2024, Kees Cook wrote:
> On Mon, Feb 19, 2024 at 03:23:12PM +0000, Lee Jones wrote:
> > Adding this to checkpatch is a good idea.
>
> Yeah, please do. You can look at the "strncpy -> strscpy" check that is
> already in there for an example.
>
> >
> > What if we also take Kees's suggestion and hit all of these found in
> > SCSI in one patch to keep the churn down to a minimum?
>
> We don't have to focus on SCSI even. At the end of the next -rc1, I can
When I've conducted similar work before, I've taken it subsystem by
subsystem. However, if you're happy to co-ordinate with the big penguin
et al. and get them all with a treewide patch, please go for it.
> send a tree-wide patch (from Coccinelle) that'll convert all snprintf()
> uses that don't check a return value into scnprintf(). For example,
> this seems to do the trick:
>
> @scnprintf depends on !(file in "tools") && !(file in "samples")@
> @@
>
> -snprintf
> +scnprintf
> (...);
>
>
> Results in:
>
> 2252 files changed, 4795 insertions(+), 4795 deletions(-)
Super!
--
Lee Jones [李琼斯]
On Mon, 19 Feb 2024, James Bottomley wrote:
> On Mon, 2024-02-19 at 15:23 +0000, Lee Jones wrote:
> > On Sat, 10 Feb 2024, James Bottomley wrote:
> >
> > > On Thu, 2024-02-08 at 10:29 +0000, Lee Jones wrote:
> > > > On Thu, 08 Feb 2024, Geert Uytterhoeven wrote:
> > > >
> > > > > Hi Lee,
> > > > >
> > > > > Thanks for your patch!
> > > > >
> > > > > On Thu, Feb 8, 2024 at 9:48 AM Lee Jones <[email protected]>
> > > > > wrote:
> > > > > > There is a general misunderstanding amongst engineers that
> > > > > > {v}snprintf() returns the length of the data *actually*
> > > > > > encoded into the destination array. However, as per the C99
> > > > > > standard {v}snprintf() really returns the length of the data
> > > > > > that *would have been* written if there were enough space for
> > > > > > it. This misunderstanding has led to buffer-overruns in the
> > > > > > past. It's generally considered safer to use the
> > > > > > {v}scnprintf() variants in their place (or even sprintf() in
> > > > > > simple cases). So let's do that.
> > > > >
> > > > > Confused... The return value is not used at all?
> > > >
> > > > Future proofing. The idea of the effort is to rid the use
> > > > entirely.
> > > >
> > > > - Usage is inside a sysfs handler passing PAGE_SIZE as the size
> > > > - s/snprintf/sysfs_emit/
> > > > - Usage is inside a sysfs handler passing a bespoke value as the
> > > > size
> > > > - s/snprintf/scnprintf/
> > > > - Return value used, but does *not* care about overflow
> > > > - s/snprintf/scnprintf/
> > > > - Return value used, caller *does* care about overflow
> > > > - s/snprintf/seq_buf/
> > > > - Return value not used
> > > > - s/snprintf/scnprintf/
> > > >
> > > > This is the final case.
> > >
> > > To re-ask Geert's question: the last case can't ever lead to a bug
> > > orproblem, what value does churning the kernel to change it
> > > provide? As Finn said, if we want to deprecate it as a future
> > > pattern, put it in checkpatch.
> >
> > Adding this to checkpatch is a good idea.
> >
> > What if we also take Kees's suggestion and hit all of these found in
> > SCSI in one patch to keep the churn down to a minimum?
>
> That doesn't fix the churn problem because you're still changing the
> source. For ancient drivers, we keep the changes to a minimum to avoid
> introducing inadvertent bugs which aren't discovered until months
> later. If there's no actual bug in the driver, there's no reason to
> change the code.
Okay, no problem. Would you like me to drop these from the set and
resubmit or are you happy to cherry-pick the remainder?
--
Lee Jones [李琼斯]